12
Jul 18

Sextortion Scam Uses Recipient’s Hacked Passwords

Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.

The basic elements of this sextortion scam email have been around for some time, and usually the only thing that changes with this particular message is the Bitcoin address that frightened targets can use to pay the amount demanded. But this one begins with an unusual opening salvo:

“I’m aware that <substitute password formerly used by recipient here> is your password,” reads the salutation.

The rest is formulaic:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

KrebsOnSecurity heard from three different readers who received a similar email in the past 72 hours. In every case, the recipients said the password referenced in the email’s opening sentence was in fact a password they had previously used at an account online that was tied to their email address.

However, all three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers.

It is likely that this improved sextortion attempt is at least semi-automated: My guess is that the perpetrator has created some kind of script that draws directly from the usernames and passwords from a given data breach at a popular Web site that happened more than a decade ago, and that every victim who had their password compromised as part of that breach is getting this same email at the address used to sign up at that hacked Web site.

I suspect that as this scam gets refined even more, perpetrators will begin using more recent and relevant passwords — and perhaps other personal data that can be found online — to convince people that the hacking threat is real. That’s because there are a number of shady password lookup services online that index billions of usernames (i.e. email addresses) and passwords stolen in some of the biggest data breaches to date.

Alternatively, an industrious scammer could simply execute this scheme using a customer database from a freshly hacked Web site, emailing all users of that hacked site with a similar message and a current, working password. Tech support scammers also may begin latching onto this method as well.

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money.

According to the FBI, here are some things you can do to avoid becoming a victim:

-Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
-Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
-Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).

Tags: , ,

1,076 comments

  1. wow I didn’t even know thay such thing exist. Thanks for the valuable information and I will take extra precautions.

  2. Not received any kind of mail yet. but, I got a few in my spam, I can’t understand how people fall for those. I wonder what would happen if someone responded to the email?

  3. My father recieved the same email yesterday, this is the first ever time we are facing something like this so I didn’t really know what to do, ( by the way Im from Turkey) I copy-pasted one of the paragraphs to the internet and luckily ended up in here. Once I read the article and the comments, it relieved me a lot but today my father got another mail from a different account. Its basically written ‘ is this your professional or private email address?’ I mean, we rarely use laptop and never actually for porn. The password he cited in the first email is our current wifi password so Im paranoid a bit. The second mail is a mere coincidence, or is there anyone else here who got an alike second mail. Thanks anyway

  4. This guy was busy I see. Got the email on July 16. Looks like the email varies a bit (I was asked for $1900). He is probably running an A B Test to see what combination works best for getting people to pay.

    This is your badluck. I am aware XXXXXXXX is your pass word. Moreover, I know about your secret and I’ve evidence of this. You don’t know me personally and no one hired me to examine you.

    It’s just your misfortune that I stumbled across your blunder. The truth is, I actually placed a malware on the adult video clips (porn) and you visited this website to experience fun (you know what I mean). When you were busy watching video clips, your internet browser initiated operating as a Rdp (Remote desktop) that has a key logger which provided me with accessibility to your display screen and cam. Just after that, my software program obtained your complete contacts from fb, and mailbox.

    After that I gave in much more time than I should’ve into your life and made a two screen video. First part shows the recording you had been watching and other part shows the recording from your cam (its you doing inappropriate things).

    Honestly, I want to forget all information about you and allow you to move on with your daily life. And my goal is to present you 2 options that will accomplish that. The two options are with the idea to ignore this letter, or simply pay me $1900. Let us investigate those two options in more detail.

    Option 1 is to ignore this mail. Let’s see what is going to happen if you pick this path. I will, no doubt send out your video recording to all your contacts including friends and family, coworkers, and many others. It will not help you avoid the humiliation your self will need to face when family and friends learn your sordid details from me.

    Option 2 is to make the payment of $1900. We’ll name it my “confidentiality charges”. Let me tell you what will happen if you pick this choice. Your secret remains your secret. I’ll delete the recording immediately. You keep your routine life as if none of this ever occurred.

    Now you may be thinking, “I should call the cops”. Without a doubt, I have covered my steps in order that this email cannot be traced back to me and it won’t stay away from the evidence from destroying your daily life. I’m not planning to steal all your savings. I just want to be paid for the time I placed into investigating you. Let’s assume you decide to generate pretty much everything go away and pay me my confidentiality fee. You’ll make the payment by Bitcoin (if you do not know how, search “how to buy bitcoins” on google search)

    Amount to be sent: $1900
    Send To This Bitcoin Address: 13vGEE5kaKs3PJF5BgZuCAXDT1tG6RYB47
    (It’s case sensitive, so you should copy and paste it)

    Share with nobody what you should be sending the bitcoin for or they will often not sell it to you. The task to obtain bitcoins can take a couple of days so do not put it off.
    I’ve a specific pixel within this message, and right now I know that you have read this message. You now have 48 hours in order to make the payment. If I don’t get the Bitcoins, I will definately send your video recording to your entire contacts including close relatives, coworkers, and so on. You better come up with an excuse for friends and family before they find out. Having said that, if I receive the payment, I will destroy the recording and all other proofs immediately. It’s a non negotiable offer, thus please don’t ruin my personal time & yours. Your time has started.

  5. Ricevuta la stessa e-mail truffa da “Gavan Zhu” jsblairla@outlook.com

    Received the same scam e-mail from Gavan Zhu” jsblairla@outlook.com

    Required Amount: $ 1900
    Bitcoin Address to Send to: 1CZkb2ZD6PsMs5HG3bawCE2z3wifMSEtvZ

  6. Received one as well…
    I’m going to cut to the chase. I am aware xxx is your password. Moreover, I know your secret and I have proof of this. You do not know me personally and nobody hired me to investigate you.

    It is just your bad luck that I discovered your blunder. In fact, I installed a malware on the adult vids (pornography) and you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser began functioning as a Rdp (Remote desktop) having a key logger which provided me with access to your screen as well as cam. Just after that, my software collected your complete contacts from messenger, social networks, as well as email.

    After that I put in more time than I should have looking into your life and created a double screen video. First part shows the recording you had been watching and next part displays the view of your web cam (its you doing nasty things).

    Honestly, I’m ready to forget exactly about you and allow you to get on with your regular life. And I will offer you two options that can achieve that. The two choices with the idea to ignore this letter, or perhaps pay me $1900. Let us investigate above two options in more detail.

    Option One is to ignore this email message. You should know what will happen if you choose this path. I will send out your video recording to all of your contacts including close relatives, co-workers, and so forth. It will not help you avoid the humiliation you and your family will need to face when family and friends uncover your unpleasant details from me.

    Option 2 is to pay me $1900. We’ll call this my “privacy charges”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I’ll delete the recording immediately. You continue on with your life like none of this ever happened.

    At this point you may be thinking, “I should go to the cops”. Without a doubt, I’ve taken steps to ensure that this email cannot be linked back to me also it will not stop the evidence from destroying your lifetime. I am not seeking to dig a hole in your pocket. I just want to be compensated for my efforts I placed into investigating you. Let’s hope you have decided to make pretty much everything go away and pay me my confidentiality fee. You will make the payment via Bitcoins (if you do not know this, type “how to buy bitcoins” on google search)

    Amount to be sent: $1900
    Receiving Bitcoin Address: 1Gsgt8XrvoUAvLZ1H68tJbvUe6JuQV7P6h
    (It is cASe sensitive, so copy and paste it carefully)

    Tell no-one what you would be sending the Bitcoins for or they may not provide it to you. The task to have bitcoin may take a couple of days so do not put it off.
    I’ve a specific pixel within this e-mail, and at this moment I know that you have read through this email. You now have 2 days in order to make the payment. If I do not get the BitCoins, I will send your video recording to your entire contacts including family members, coworkers, and so forth. You better come up with an excuse for friends and family before they find out. Nevertheless, if I do get paid, I will destroy the video immediately. It is a non-negotiable offer, so please do not waste my personal time and yours. Time is running out.

    It was a password of years ago…

  7. Mine was for $3200.

    As far as I can tell, the email address and that particular password was my LinkedIn log in.

  8. Mine was asking for $3200 and was from Oliver Sholes. I’m glad to see others are receiving these awful emails and that it is only a scam.

  9. I received one today, 17 July, from the name/address Harold Cockcroft , with $2900 to be sent to this bitcoin address: 1B9UNT4Msaw5f2fvuwKcazDuj9MMSPLa8x

    I’m a female former law enforcement officer, the password he referenced was on an account for a bank that has since been bought out by someone else, and to put it mildly, since I use the computer only for work, I haven’t been doing anything that would be all that interesting to anyone. Wow, NOAA maps, yeah, that’s going to surprise absolutely none of my friends.

    I’m sending the information to the FBI.

  10. Thanks for this Brian – right on the money, as ever. Perhaps just to reiterate a word of commonsense advice with people: don’t ever reuse passwords across different sites, or use variation on the same password. No really – don’t. If that sounds impossible, then do what the security savvy people do and use a reputable password saver app. There are some very good free ones available… personally I recommend Bruce Schneider’s pwSafe one (for iPhone) also known as Password Safe for Windows. Thanks again and keep up the good work – MC

  11. Here’s mine. I’m in Eastern Europe – why do they want more from me!

    I will directly come to the point. I’m aware xxxxx is your password. More to the point, I’m aware about your secret and I’ve evidence of it. You don’t know me personally and no one paid me to check out you.

    It’s just your hard luck that I discovered your blunder. Actually, I actually placed a malware on the adult video clips (porn) and you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser began operating as a Rdp (Remote control desktop) that has a keylogger which provided me access to your display as well as web camera. Right after that, my software obtained all your contacts from your messenger, social networks, and e-mail.

    After that I gave in much more hours than I should have investigating into your life and created a two screen video. First part shows the recording you were viewing and 2nd part displays the video of your cam (its you doing inappropriate things).

    Frankly, I am willing to forget all information about you and let you continue with your daily life. And I am going to provide you two options that may achieve that. These two option is to either ignore this letter, or perhaps pay me $3600. Let’s examine above 2 options in details.

    Option One is to ignore this e-mail. Let me tell you what will happen if you opt this path. I will definitely send your video recording to your contacts including family members, colleagues, and so on. It won’t shield you from the humiliation your household will have to feel when friends and family uncover your unpleasant details from me.

    Second Option is to pay me $3600. We will name this my “confidentiality tip”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I’ll destroy the video immediately. You go on with your lifetime as if none of this ever happened.

    Now you may be thinking, “I will call the cops”. Without a doubt, I have taken steps to make sure that this e-mail cannot be traced back to me and it will not stay away from the evidence from destroying your daily life. I am not looking to steal all your savings. I am just looking to get compensated for my efforts I put in investigating you. Let’s hope you have decided to create all of this disappear completely and pay me the confidentiality fee. You’ll make the payment by Bitcoin (if you don’t know how, search “how to buy bitcoins” on google)

    Amount to be sent: $3600
    Receiving Bitcoin Address: 1MAFzYQhm6msF2Dxo3Nbox7i61XvgQ7og5
    (It’s cASe sensitive, so copy and paste it carefully)

    Tell no-one what will you be utilizing the Bitcoins for or they will often not give it to you. The procedure to acquire bitcoin can take a few days so do not wait.
    I’ve a unique pixel in this mail, and right now I know that you have read through this mail. You have 48 hours to make the payment. If I do not get the BitCoins, I will certainly send your video to your contacts including close relatives, coworkers, and so forth. You better come up with an excuse for friends and family before they find out. Having said that, if I do get paid, I’ll erase the video immediately. It is a non-negotiable one time offer, so don’t ruin my time & yours. Time is running out.

    FWIW, I’ve been covering my webcams as a matter of course for several years now and my previously ‘paranoid they’re looking at me’ practice is now advised to be good sense by the FBI.

  12. Received this on 15 July at a rarely-used email. Read it today, maybe my time has run out?! I have had my webcams covered unless I’m using them for several years now. I’m glad to see that the FBI advises this as a matter of course because when I started doing it, others were laughing at my caution.

    Email from: Cookie Zei hhaeriellom@outlook.com

    I will directly come to the point. I’m aware xxxxx is your password. More to the point, I’m aware about your secret and I’ve evidence of it. You don’t know me personally and no one paid me to check out you.

    It’s just your hard luck that I discovered your blunder. Actually, I actually placed a malware on the adult video clips (porn) and you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser began operating as a Rdp (Remote control desktop) that has a keylogger which provided me access to your display as well as web camera. Right after that, my software obtained all your contacts from your messenger, social networks, and e-mail.

    After that I gave in much more hours than I should have investigating into your life and created a two screen video. First part shows the recording you were viewing and 2nd part displays the video of your cam (its you doing inappropriate things).

    Frankly, I am willing to forget all information about you and let you continue with your daily life. And I am going to provide you two options that may achieve that. These two option is to either ignore this letter, or perhaps pay me $3600. Let’s examine above 2 options in details.

    Option One is to ignore this e-mail. Let me tell you what will happen if you opt this path. I will definitely send your video recording to your contacts including family members, colleagues, and so on. It won’t shield you from the humiliation your household will have to feel when friends and family uncover your unpleasant details from me.

    Second Option is to pay me $3600. We will name this my “confidentiality tip”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I’ll destroy the video immediately. You go on with your lifetime as if none of this ever happened.

    Now you may be thinking, “I will call the cops”. Without a doubt, I have taken steps to make sure that this e-mail cannot be traced back to me and it will not stay away from the evidence from destroying your daily life. I am not looking to steal all your savings. I am just looking to get compensated for my efforts I put in investigating you. Let’s hope you have decided to create all of this disappear completely and pay me the confidentiality fee. You’ll make the payment by Bitcoin (if you don’t know how, search “how to buy bitcoins” on google)

    Amount to be sent: $3600
    Receiving Bitcoin Address: 1MAFzYQhm6msF2Dxo3Nbox7i61XvgQ7og5
    (It’s cASe sensitive, so copy and paste it carefully)

    Tell no-one what will you be utilizing the Bitcoins for or they will often not give it to you. The procedure to acquire bitcoin can take a few days so do not wait.
    I’ve a unique pixel in this mail, and right now I know that you have read through this mail. You have 48 hours to make the payment. If I do not get the BitCoins, I will certainly send your video to your contacts including close relatives, coworkers, and so forth. You better come up with an excuse for friends and family before they find out. Having said that, if I do get paid, I’ll erase the video immediately. It is a non-negotiable one time offer, so don’t ruin my time & yours. Time is running out.

  13. The same email from Charley Gladen. I’ll leave it here for new victim.

    I’m going to cut to the chase. I know that XXXXXXX is your pass word. Most importantly, I know about your secret and I have proof of this. You don’t know me and nobody hired me to examine you.

    It’s just your misfortune that I came across your blunder. Well, I actually placed a malware on the adult videos (pornographic material) and you visited this web site to have fun (you know what I mean). When you were busy watching video clips, your internet browser started out functioning as a Rdp (Remote control desktop) having a key logger which gave me access to your display as well as web cam. Immediately after that, my software collected your entire contacts from your social networks, and e-mail.

    Next, I put in more time than I probably should have into your life and made a two view video. 1st part displays the video you were watching and next part shows the recording from your webcam (its you doing nasty things).

    Frankly, I am ready to forget everything about you and let you continue with your daily life. And I am about to provide you two options which will accomplish this. The above option is with the idea to ignore this letter, or simply just pay me $3200. Let’s examine these two options in more detail.

    First Option is to ignore this e-mail. Let me tell you what is going to happen if you pick this path. I will certainly send out your video recording to your contacts including close relatives, colleagues, and so on. It will not protect you from the humiliation your household will need to feel when friends and family uncover your dirty details from me.

    Second Option is to make the payment of $3200. We’ll name it my “privacy tip”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I’ll erase the recording immediately. You continue on with your daily life as if nothing like this ever occurred.

    Now you may be thinking, “I should go to the cops”. Let me tell you, I have covered my steps to ensure that this e mail can’t be traced to me also it won’t steer clear of the evidence from destroying your life. I’m not looking to steal all your savings. I am just looking to get compensated for the time I put into investigating you. Let’s assume you have decided to create all of this disappear and pay me the confidentiality fee. You’ll make the payment by Bitcoin (if you don’t know how, type “how to buy bitcoins” on google search)

    Required Amount: $3200
    Receiving Bitcoin Address: 15DXWiU8dLYNSsXhZCuwLH5sc7jz6B9xSP
    (It’s case sensitive, so copy and paste it carefully)

    Tell no one what you would be transferring the Bitcoins for or they possibly will not sell it to you. The process to get bitcoin can take a few days so do not put it off.
    I’ve a specific pixel within this e-mail, and at this moment I know that you’ve read this email. You have 24 hours in order to make the payment. If I don’t get the BitCoins, I will, no doubt send your video recording to your contacts including friends and family, coworkers, and so on. You better come up with an excuse for friends and family before they find out. However, if I receive the payment, I will destroy the video immediately. It is a non-negotiable one time offer, thus do not ruin my time and yours. The clock is ticking.

  14. I received two of the same letters one this morning the other last weekend. I don’t have a camera in use its got a blinder as well for years. My security and firewall are top notch and yet there messages end up in spam folders. today’s made my other email on yahoo inbox and described a very old password. I got a phony ATT bill for wireless I don’t have and when I opened it, there games started.
    I sent a copy to ATT the office of the president Hector Gonzales rep.

    He ignored it because they’re having so many of these phony bills printing and distributed to AT&T clients they the moment you open it, It asks for payment and says its overdue and to click here and pay it. Don’t!….. clear your cache and reboot then go to the actual ATT site and report it.

    Best wishes

    CJ

  15. Received an identically worded scam email from clydessbqjw@outlook.com. All passwords changed just in case but didn’t even question it, as very clearly fake.

  16. I got this one in the “junk email” folder yesterday:

    Let’s get straight to the point. I do know ******* is your pass word. Most importantly, I know your secret and I have proof of your secret. You don’t know me personally and nobody hired me to examine you.

    It’s just your bad luck that I came across your misdemeanor. Let me tell you, I placed a malware on the adult videos (sexually graphic) and you visited this site to experience fun (you know what I mean). While you were watching video clips, your web browser started out operating as a Rdp (Remote desktop) having a keylogger which provided me access to your display and also web camera. Immediately after that, my software collected your complete contacts from social networks, as well as email.

    Next, I gave in more hours than I should have looking into your life and generated a two view video. 1st part displays the video you were watching and second part displays the video of your cam (its you doing dirty things).

    Frankly, I am ready to forget about you and allow you to get on with your daily life. And I am about to present you two options that will accomplish that. These two choices either to ignore this letter, or just pay me $3200. Let’s investigate these 2 options in more details.

    First Option is to ignore this email. You should know what will happen if you opt this path. I will definately send your video to all of your contacts including friends and family, co-workers, and so forth. It does not save you from the humiliation your household will feel when family and friends find out your sordid videos from me.

    Other Option is to pay me $3200. We will name it my “privacy fee”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I will delete the recording immediately. You move on with your lifetime that nothing ever happened.

    Now you may be thinking, “I will go to the cops”. Without a doubt, I’ve covered my steps to ensure that this e-mail cannot be linked back to me also it won’t steer clear of the evidence from destroying your life. I’m not trying to dig a hole in your pocket. I just want to get compensated for time I put in investigating you. Let’s assume you have chosen to create pretty much everything vanish entirely and pay me my confidentiality fee. You will make the payment by Bitcoins (if you do not know how, search “how to buy bitcoins” in google search)

    Required Amount: $3200
    Receiving Bitcoin Address: 15LZALXitpbkK6m2QcbeQp6McqMvgeTnY8
    (It is case sensitive, so copy and paste it carefully)

    Tell no one what you would be utilizing the Bitcoins for or they will often not sell it to you. The procedure to have bitcoins may take a few days so do not delay.
    I’ve a specific pixel in this email, and at this moment I know that you’ve read through this e mail. You have two days in order to make the payment. If I don’t receive the Bitcoins, I will definitely send out your video to all your contacts including family members, coworkers, etc. You better come up with an excuse for friends and family before they find out. Nonetheless, if I receive the payment, I will destroy the video immediately. It is a non-negotiable one time offer, so don’t ruin my personal time and yours. Time is running out.

    They are definitely trying to find the sweet spot on pricing ($3200-$1900). It’s a real shame!

    • I received a similar email today. Is this something I should be concerned about? Should I go to the police about it?

  17. Got the same e-mail this afternoon. Old password that has not been in use for years. Went to Spam. Thanks for the article.

    • Received this message Yesterday. I was totally shocked. I thought how is this possible! I use Safari.

      I couldn’t sleep. Thank a lot of this article and your replies.

      Edwin
      From Amsterdam

  18. I got one on Sunday too. No password was mentioned so I figured it was just a straightforward fishing expedition and deleted it. My e-mail address has been bandied about for a few years now so the malefactor could have found it anywhere. It’s not an important address, I have another that is more private. Btw, I’m an elderly woman.

  19. I just got one myself and am in the process of scanning my hard drive for the purported malware, though I suspected it was a scam, since it used an old password. They wanted $1,900.

    Nice coincidence that I came across the article!

    MJ

  20. Got the same one! Legitimately impossible for about a dozen reasons, but definitely attached to a password breach from at least 7 years ago.

  21. Got a similarly worded email (referencing old password) with only the amount changed to $3500 (upping the ante!) from phkissieeh@outlook.com.

  22. Recibí este mismo email el 16/07/18 Es llamativo que todos los que aquí comentamos lo hagamos en esta franja de fechas. La contraseña la uso para sitios sin importancia. Era vieja y la chica a utilizar esta semana para lo único que he hecho nuevo esta semana que fue abrir por primera vez una cuenta en Instagram. Donde aún no he publicado nada.
    Así que atentos… pensar si no es vuestras contraseña de Instagram. Tal vez venga por ahí.
    Espero respuestas para sacarme esta duda.

    • Igual recibí dos veces ese correo, pero no le paro bola, la realidad si quisiera que mas bien ellos tomen un susto le contestaría diciendo que se mas cosas de ellos de lo que ellos creen, pero es claramente una forma de phishing para ver qué ingenuo cae en su juego.

  23. I received the same email this morning,demanding $1900.

    My worry is indeed I have been on the sites several times,how real is the scam,have they posted anything ?The password in question I have not used it in a while.

    The bitcoin addy is it traceable?

  24. I got the same email yesterday, again an old password that I had not used in over 10yrs. Interesting to know that other people have experienced the same issues.

  25. Richard Malsch

    Didn’t know this was going around, but yes, I’ve received 2 so far with slight variations in wording (14-Jul-2018, 17-Jul-2018). The subject included an email/password combo that I haven’t used for a long time EXCEPT within the last 30 days upon the John L. Scott PropertyTracker site @ https://www.johnlscott.com/

    I’m not worried about this username/password being out there because I typically use a unique email/password for each different domain, but my concern is rather that perhaps JLS has 1) a trojan/bot sending out credentials to the phishing community from the web server instance, or 2) JLS is storing my email/password both together unhashed & within the same backend DB, or even 3) that JLS is incapable of determining massive #’s of login attempts with a common signature (like source IP).

    Like I said, I’m not concerned with my own security, but there are so many folks out there who would think the email’s tech jargon is actually legitimate. 🙂

  26. Christopher Neaves

    Received exactly worded email as referenced above to my work email address. Password mentioned in my email may have been an old one, not sure. Freaked out at first, now even if they send a video who cares. Thanks for the post

  27. Got the same one :
    ———
    From: Jamima Linfoot (mailto:mebkerrielo@outlook.com)
    Sent: July 14, 2018 7:12 PM
    To: carlos.urtubia@live.ca
    Subject: carlos.urtubia –

    Let’s get straight to the point. I am aware is your password. More to the point, I do know about your secret and I’ve proof of it. You do not know me and no one hired me to check out you.

    It’s just your misfortune that I discovered your misdemeanor. Let me tell you, I installed a malware on the adult video clips (pornography) and you visited this web site to experience fun (you know what I mean). When you were busy watching video clips, your browser began operating as a Rdp (Remote desktop) with a keylogger which provided me access to your display screen as well as web camera. After that, my software program collected all of your contacts from messenger, fb, as well as email.

    After that I put in much more time than I probably should have into your life and made a double display video. First part shows the recording you had been viewing and second part shows the recording from your web cam (its you doing nasty things).

    Frankly, I want to forget details about you and allow you to get on with your life. And I will provide you two options that can accomplish that. Those two options are with the idea to ignore this letter, or perhaps pay me $ 2900. Let us investigate these two options in more detail.

    First Option is to ignore this e mail. Let us see what is going to happen if you pick this option. I definitely will send your video to all of your contacts including relatives, colleagues, and many others. It does not help you avoid the humiliation your family will feel when friends and family learn your sordid videos from me.

    Other Option is to send me $ 2900. We’ll call it my “privacy charges”. Now let me tell you what happens if you choose this path. Your secret remains your secret. I will erase the recording immediately. You keep your daily life that nothing like this ever occurred.

    At this point you may be thinking, “I should go to the cops”. Let me tell you, I’ve covered my steps to make sure that this email cannot be tracked back to me and yes it won’t steer clear of the evidence from destroying your life. I am not looking to dig a hole in your pocket. I am just looking to get compensated for time I put into investigating you. Let’s hope you have decided to produce all of this disappear completely and pay me my confidentiality fee. You’ll make the payment via Bitcoin (if you don’t know how, type “how to buy bitcoins” on search engine)

    Amount to be sent: $ 2900
    Receiving Bitcoin Address: 1MAFzYQhm6msF2Dxo3Nbox7i61XvgQ7og5
    (It’s case sensitive, so copy and paste it carefully)

    Tell nobody what you would be sending the bitcoin for or they will often not give it to you. The method to obtain bitcoin may take a day or two so do not delay.
    I’ve a unique pixel in this e-mail, and now I know that you have read this email. You have 2 days in order to make the payment. If I do not receive the Bitcoin, I will send out your video recording to all your contacts including members of your family, coworkers, etc. You better come up with an excuse for friends and family before they find out. Having said that, if I do get paid, I’ll erase the video immediately. It is a non-negotiable one time offer, so kindly don’t ruin my time and yours. Time is running out.
    ———

    Very funny that they are with this kind of thing now…Because I am in Canada, I’ve reported this to the RCMP, but I guess will be hard to find them…

    Thank you for your article.

    • Sadly, the address in your url receiving bitcoins, so we should expect more fraud like this 🙁

  28. I got this one this morning…one interesting thing to note…when I highlighted the text to copy and paste here, all of those haphazardly typed names in between the message text (I put them in parens)? That was all hidden in the original e-mail..I only saw it when I selected all of the text, then it showed up. I thought I was reading Tom Riddle’s diary.

    From: Elsy Boscagli [mailto:srllewellynjci@outlook.com]
    Sent: Wednesday, July 18, 2018 12:41 PM
    To: ron@ferraro.us
    Subject: Re ron – xxxxxxx?

    I am aware xxxxxxx is your pass. Lets get right to point. No one has compensated me to investigate you. You may not know me and you’re probably thinking why you are getting this e-mail?

    (Theresa Connie Dan Steve Raymond Byron Erick Tony Joseph Brandon)

    actually, I actually setup a software on the 18+ videos (porn material) website and you know what, you visited this website to have fun (you know what I mean). When you were watching video clips, your browser began operating as a RDP having a keylogger which provided me accessibility to your display screen and webcam. Right after that, my software program collected every one of your contacts from your Messenger, social networks, as well as e-mailaccount. And then I made a double video. First part displays the video you were watching (you’ve got a nice taste lmao), and 2nd part displays the view of your web camera, and it is u.

    (Susan Javier Stephanie Luann Rosa Logan Cimarron Joe Joni Marshall)

    You have two different solutions. Shall we study the solutions in particulars:

    (Ryan Kari Emmanuel Aimee Georgehenrie Brett Kelsey Ray Marisa Marlen)

    1st choice is to skip this e-mail. In this situation, I will send out your video to each one of your personal contacts and also visualize about the embarrassment you can get. Do not forget if you are in a committed relationship, how it is going to affect?

    (Benard Crystal Alejandra Briana Michael Elbert Robert Andrew Scott Sultan)

    Latter solution should be to compensate me $3000. We will refer to it as a donation. Consequently, I will asap remove your video recording. You could go on with your daily routine like this never took place and you will not hear back again from me.

    (Jared Ryan Kevin Vinnie Justin Brent Rod Christopher Anna)

    You’ll make the payment by Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

    (Hector Gma Tamara Kiah Noe Rita Coonie Chris Jeremy Idy)

    BTC Address: 1CyQcBhVeuiYFhCUxKCKpx9tNcLvtVvgnX

    (Austin Ellen Andrew Sean Sirlange Mary Amaury Robert Lawonda Gloria)

    [case-SENSITIVE, copy and paste it]

    (Michelle Eduardo Brooke Kima Joseph Richard Amy Jean Richard Lynn)

    If you are thinking of going to the police, good, this e mail can not be traced back to me. I have taken care of my moves. I am also not attempting to ask you for a whole lot, I just like to be compensated. You have one day in order to make the payment. I have a specific pixel in this e-mail, and now I know that you have read this message. If I do not receive the BitCoins, I definitely will send out your video to all of your contacts including close relatives, coworkers, and so on. Nevertheless, if I receive the payment, I will erase the video right away. This is a non-negotiable offer, and thus please do not waste my personal time & yours by replying to this mail. If you want evidence, reply Yea then I definitely will send out your video to your 5 friends.

    (Axel Magdalena Tenaya Courtney Shun Janice Cheryle Alyssa Jim Crystal Zora Cynthia Sam Jeremy Anthony Merenguekong Tracey Sergio Mike Marcus Daniel Ashley Timarah Kenisha Vince James Kiara Tammy Cilianette Antoinette Marquelis Adger Chris Dedosha Rudy Edwin Robert Shane Eric Dailuz Sammy Leticia Meg Andy Lorenzo Dominique Randall Chris Sildesa Rodney Teresha Sonny Susi Lynn James Jennifer Irving Cory Mason Anthony Tabitha Crystal Raymond Antie Joel Jennifer Dustin Patricia Michel Amanda Ngoctrinh Velucia Loterte Thomas Nancy Tyler Debbie Sarah Daniel Kelly Berlin Michelle Elizabeth David Vincent Tamara Heather Linda Iris Richard)

    • Same thing! Didn’t realize the names were in there. Weeeeird.

      Not sure how to report it, still looking through comments here.

  29. just received two of these emails on two of my accounts. seems to be from the Verizon data breach in Jul 2017. The passwords were PINs and not passwords. The only place I used the two PINs they mentioned was on the Verizon Wireless website.

  30. OH GOOD GRIEF!!! I got another of these freaking spams again today! This time “Ernesto Phillips” is trying to extort me, and it’s “just my hard luck that he came across my misdemeanor….”

    If these assholes spent as much time doing good instead of this kind of crap, the world might be a better place. Again, the perp is using an Outlook address, and there is NO logical correlation between his name (does anyone REALLY think his name is “Ernesto”??) and the name in his address (grahamjqibbanr@outlook.com).

    And what I still would like to know: Since so many of us got these messages from different senders (??), all of which seem to have different Bitcoin addresses, WHO is getting this money? Is there some form of black hat syndicate that is collecting the money and then sharing it among the players in the scam?

    At what point should we notify the FBI? We KNOW these jerkazoids are–more than likely–offshore, so any federal agency would be powerless to do anything.

    Brian, any thoughts/suggestions?

    Thanks! ~TW